US8505080B2ActiveUtilityA1

Method for generating cross-site scripting attack

58
Assignee: LEE HAHN-MINGPriority: Aug 26, 2011Filed: Nov 17, 2011Granted: Aug 6, 2013
Est. expiryAug 26, 2031(~5.1 yrs left)· nominal 20-yr term from priority
H04L 63/1433H04L 63/1466
58
PatentIndex Score
2
Cited by
6
References
7
Claims

Abstract

A method for generating a cross-site scripting attack is provided. An attack string sample is analyzed for obtaining a token sequence. A string word corresponding to each token is used to replace the token for generating a cross-site scripting attack string. Accordingly, a large number of cross-site scripting attacks are generated automatically, so as to execute a penetration test for a website.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A method for generating a cross-site scripting attack, applicable to an electronic device, comprising:
 receiving a number of attack string samples, wherein each attack string sample includes a number of string words; 
 analyzing the attack string samples respectively to obtain a number of first token sequences, wherein each first token sequence includes a number of tokens, and each token corresponds to at least one of the string words; 
 generating a number of cross-site scripting attack strings according to the string words corresponding to the tokens and the first token sequences, comprising:
 establishing a structure model according to the first token sequences; 
 generating a number of second token sequences by using the tokens according to the structure model; and 
 substituting the string words corresponding to the tokens into the second token sequences to generate the cross-site scripting attack strings; and 
 
 outputting the cross-site scripting attack strings. 
 
     
     
       2. The method for generating a cross-site scripting attack according to  claim 1 , wherein the step of analyzing the attack string samples respectively to obtain the first token sequences comprises:
 analyzing the attack string samples to obtain the first token sequences based on a cross-site scripting language syntax corresponding to the string words. 
 
     
     
       3. The method for generating a cross-site scripting attack according to  claim 1 , wherein the second token sequences are randomly generated according to the structure model. 
     
     
       4. The method for generating a cross-site scripting attack according to  claim 1 , wherein the structure model is established according to the Bayes' theorem, Markov Chain (MC) or Hidden Markov Model (HMM). 
     
     
       5. The method for generating a cross-site scripting attack according to  claim 1 , wherein the structure model is represented by a directed graph to decide an order of the tokens in the second token sequences. 
     
     
       6. The method for generating a cross-site scripting attack according to  claim 1 , wherein the structure model is converted through probability and automata technologies. 
     
     
       7. The method for generating a cross-site scripting attack according to  claim 1 , wherein the string words corresponding to the tokens are obtained through random substitution into the second token sequences according to cross-site scripting language syntax.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.